This threat is a small trojan executable that downloads and executes a variant of Win32/Poison (also known as "Poison Ivy"), a trojan that allows unauthorized access to an affected host computer.
It may be installed by other malware. When run, the trojan executes its file-downloading payload.
The trojan connects to a compromised website to retrieve non-executable data in the following example hexadecimal format:
The trojan injects the downloaded hex code into its own running process and copies itself to the Windows system folder as "misys.exe". The new file is a variant of Win32/Poison.
For more information about Win32/Poison, see the description elsewhere in the encyclopedia.
Analysis by Daniel Radu
The following system changes may indicate the presence of this malware:
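The one change this description names is the copy written to the Windows system folder as "misys.exe". The PowerShell triage check below is an added example, not part of the original entry. It assumes the system folder means both the native directory and its 32-bit view, and that it is run from an elevated 64-bit PowerShell session.

```powershell
# Added example: triage check for the file name given in this description.
# A matching name alone proves nothing; treat a hit as a lead and review
# the hash and signature status before drawing conclusions.
$name = 'misys.exe'

# Native system folder plus the 32-bit view (SysWOW64 on 64-bit Windows),
# because file-system redirection sends a 32-bit process's writes there.
$dirs = @(
    [Environment]::GetFolderPath('System'),
    [Environment]::GetFolderPath('SystemX86')
) | Where-Object { $_ } | Sort-Object -Unique

$hits = foreach ($dir in $dirs) {
    $path = Join-Path $dir $name
    # -Force so hidden or system attributes do not conceal the file.
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $file) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $path
    # Processes currently running from that exact path.
    $procs = Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -eq $path }

    [pscustomobject]@{
        Path        = $path
        SizeBytes   = $file.Length
        CreatedUtc  = $file.CreationTimeUtc
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Signature   = $sig.Status
        RunningPids = ($procs.Id -join ',')
    }
}

if ($hits) {
    $hits | Format-List
} else {
    "No $name found in: $($dirs -join ', ')"
}
```

Record the SHA256 and creation time of any hit before removing the file, so the copy can be matched against other hosts and against the download activity in proxy or firewall logs.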